SSO
Single Sign-On (SSO) lets your team log in to Omnixi using their existing Microsoft or Google accounts — no separate passwords needed. This guide walks you through setting up SSO with Azure Active Directory (Azure AD) or Google Workspace.
Prerequisites
Section titled “Prerequisites”Before you begin, make sure you have:
- Admin access to Azure AD or Google Workspace — you’ll need to create an enterprise application
- Admin access to Omnixi Portal — to complete the SSO configuration
- A list of users who should have Portal access — you can sync these from your identity provider
Setting up Azure AD SSO
Section titled “Setting up Azure AD SSO”Create an enterprise application
Section titled “Create an enterprise application”- Sign in to the Azure Portal (portal.azure.com) as an admin
- Go to Azure Active Directory → Enterprise applications
- Click New application
- Click Create your own application
- Name it “Omnixi” (or similar)
- Select Integrate any other application you don’t find in the gallery (Non-gallery)
- Click Create
Configure SAML single sign-on
Section titled “Configure SAML single sign-on”- In your new Omnixi app, go to Single sign-on in the sidebar
- Select SAML as the sign-on method
- In Basic SAML Configuration, click Edit
- Enter these values:
| Field | Value |
|---|---|
| Identifier (Entity ID) | https://portal.omnixi.app/saml/metadata |
| Reply URL | https://portal.omnixi.app/saml/acs |
| Sign on URL | https://portal.omnixi.app/login |
- Click Save
Get SAML details for Omnixi
Section titled “Get SAML details for Omnixi”- In the same SAML configuration page, scroll to SAML Certificates
- Find the Federation Metadata URL — copy this URL
- Keep this tab open — you’ll paste this into the Portal
Assign users
Section titled “Assign users”- Go to Users and groups in the sidebar
- Click Add user/group
- Select the users (or groups) who should have Portal access
- Click Assign
Complete setup in Omnixi Portal
Section titled “Complete setup in Omnixi Portal”- Go to Settings → SSO in the Omnixi Portal
- Select Azure AD as your identity provider
- Paste the Federation Metadata URL you copied
- Click Test Connection — verify it works
- Click Enable SSO
Your users can now log in with their Azure AD credentials.
Setting up Google SSO
Section titled “Setting up Google SSO”Create a SAML application
Section titled “Create a SAML application”- Sign in to the Google Admin Console (admin.google.com) as an admin
- Go to Apps → Web and mobile apps
- Click Add app → Add custom SAML app
- Enter “Omnixi” as the app name
- Click Continue
Configure SSO details
Section titled “Configure SSO details”- Copy the SSO URL and Entity ID from the Google setup page
- In a new browser tab, go to
https://portal.omnixi.app/saml/metadata - Save this page as a file (Ctrl+S) — this is your metadata XML
- Back in Google, under Service provider details:
| Field | Value |
|---|---|
| ACS URL | https://portal.omnixi.app/saml/acs |
| Entity ID | https://portal.omnixi.app |
| Start URL | https://portal.omnixi.app/login |
- Click Continue
Map user attributes
Section titled “Map user attributes”- Under Attribute mapping, click Add mapping
- Map Google attributes to Omnixi fields:
| Google attribute | Omnixi attribute |
|---|---|
| Basic Information → Primary Email | |
| Basic Information → First Name | firstName |
| Basic Information → Last Name | lastName |
- Click Finish
Turn on the app
Section titled “Turn on the app”- In Google Admin, click the overflow menu (three dots) next to your Omnixi app
- Select Turn on for everyone (or limit to specific org units)
- Click Turn on
Get SAML details for Omnixi
Section titled “Get SAML details for Omnixi”- In the Google Admin console, go to the SSO tab for the Omnixi app
- Find the IdP metadata link — click to download the XML
- Copy the contents of this file (or the URL if available)
Complete setup in Omnixi Portal
Section titled “Complete setup in Omnixi Portal”- Go to Settings → SSO in the Omnixi Portal
- Select Google as your identity provider
- Either:
- Paste the IdP metadata URL, OR
- Upload the IdP metadata XML file
- Click Test Connection — verify it works
- Click Enable SSO
Your users can now log in with their Google credentials.
After enabling SSO
Section titled “After enabling SSO”How users log in
Section titled “How users log in”Once SSO is enabled, the login page changes:
- Users go to
portal.omnixi.app - They click Sign in with Microsoft or Sign in with Google
- They’re redirected to authenticate with their organisation
- They’re automatically logged into Omnixi
First-time login
Section titled “First-time login”On first login via SSO:
- An Omnixi account is created automatically
- Their name and email are pulled from the identity provider
- They’re assigned to teams based on their identity provider groups (if configured)
Managing users
Section titled “Managing users”When SSO is enabled:
- New users — if they’re in your identity provider and assigned to the Omnixi app, they can log in automatically
- Removing access — remove them from the identity provider group or disable their account there
- Updating details — changes to name/email in your identity provider sync to Omnixi on next login
Troubleshooting
Section titled “Troubleshooting”Users can’t log in
Section titled “Users can’t log in”| Problem | Solution |
|---|---|
| ”Account not found” | Check the user is assigned in your identity provider |
| ”Not authorised” | Check the user’s email domain matches your SSO configuration |
| Wrong password prompt | Make sure you’re clicking the SSO button, not entering a password |
Setup not working
Section titled “Setup not working”- Test the connection — use the “Test Connection” button in the Portal before enabling
- Check the metadata URL — make sure it’s accessible and valid
- Verify attribute mapping — ensure email maps correctly (this is required)
Lost admin access
Section titled “Lost admin access”If you’re locked out after enabling SSO:
- Contact Omnixi support — they can disable SSO temporarily
- Use the backup admin account you set up before enabling SSO